Skip to content

CODE OF CONDUCT

The Code of Conduct and Policies of the Sotralu Group are built on the values ​​of Sotralu and ESG commitments.

Sotralu Group is committed to demonstrating to our customers and other stakeholders that our products or solutions have been made in the most responsible manner possible – resource and energy-efficient, with a minimal impact on the environment and climate, respecting human rights and labor rights, and in compliance with applicable laws and regulations.

This Code of Conduct, based on our strong corporate values and will be regularly updated to ensure that we stay ahead of all laws and expectations.

I hope everyone reads and understands the Code of Conduct and ensures compliance with its requirements. Only this way will we continue to be recognized as the trusted company that we are.

Welcome to our Code of Conduct.

1. Money Laundering

Money laundering is the process by which the proceeds of crime are converted into assets that appear to have a legitimate origin, allowing them to be permanently retained or recycled into other criminal enterprises. The definition also includes money that can be used to finance terrorist activities.

Sotralu Group is committed to taking appropriate measures to prevent and detect any form of illegal payment and to prevent the Sotralu Group from being used by others for money laundering. You should seek advice from the Legal or Compliance Departments on all matters related to business compliance and the fight against money laundering.

The following examples of activities can be defined as money laundering and are strictly prohibited under this policy:

  • Execution of any transactions (including acquisitions and disposals) involving any assets known or suspected to have originated from criminal or illegal activities, regardless of the country or region where the activities occurred (“Criminal Assets”);
  • Conservation or transfer of criminal assets with the aim of concealing or disguising their illicit origins;
  • Assistance to anyone involved in transactions related to criminal assets to evade legal consequences;
  • Any activities undertaken to conceal the true origin, location, movement, nature, or ownership / control rights of criminal assets.

When there is suspicious activity involving a business relationship (e.g., customer, supplier, other partener), Sotralu employees must assess whether there is a risk of money laundering or terrorist financing.

The following list provides some examples of red flags that could indicate such activities:

  • Customer requests to pay in cash;
  • Payments from countries considered higher risk (see the global list from the Financial Action Task Force – FATF – www.FATF-GAFI.org – or the local regulator / government list for high-risk locations) for money laundering or terrorist financing, tax havens, or unrelated or non-routine for the client;
  • Structuring transactions that seem to circumvent government reporting or record-keeping requirements;
  • Unexpected changes in a client’s activities;
  • Overpayment of invoices with refund requests;
  • Refunds requested to another part or account number;
  • Third parties who are reluctant to provide insufficient and complete information when required, which hinders the completion of due diligence activities;
  • Customers in which the true beneficial owner cannot be determined, or who have unusually complicated business structures, or payment patterns that do not reflect any real business purpose;
  • Adverse media about the integrity and conduct of business and its directors / owners.

Anyone who has knowledge of or suspects any money laundering activities and fails to report their concerns may be in violation of the law.

This policy applies to the “employees” of the Sotralu Group, which means all employees, including subsidiaries (temporary, fixed-term, or permanent), consultants, contractors, interns, seconded personnel, domestic workers, occasional workers, agency staff, volunteers, sponsor agents. This policy applies to employees, administrators, members of the board of directors or members of committees at any level. Sotralu Group is committed to complying with all applicable laws and regulations. Any employee found to have violated this policy may be subject to disciplinary action, including termination and may be subject to criminal sanctions.

Employees are encouraged to raise concerns about any issue or suspicion of misconduct at the earliest possible stage. If you are unsure whether a particular act constitutes money laundering, or if you have any other doubts or concerns, these should be raised initially with your hierarchical superior or through the relevant function(s) / department(s). To ensure that any investigation is not compromised, employees should refrain from attempting to investigate concerns themselves to avoid alerting the individual(s) involved.

2. Anti-Corruption and Anti-Bribery

Corruption occurs when a person in a position of authority or trust abuses their position for their own benefit or that of another person. The most commonly known form of corruption is bribery. Bribery is defined as the offering, promising to give, accept, or request an advantage as an incentive for an illegal action or a breach of trust. Bribery and corruption can lead to severe civil and criminal penalties, as well as damage to the reputation of companies and organizations.

This policy establishes a prohibition of bribery and corruption in all forms, including payments for favors. To establish the responsibilities of a company and those working for us in observing and maintaining our zero-tolerance stance towards bribery and corruption. This policy identifies our obligation to comply with anti-bribery and corruption laws, provides a definition of bribery and corruption, and outlines reporting responsibilities regarding bribery and corruption.

Sotralu Group does not tolerate corruption in the private or public sector. We commit to comply with all applicable laws and regulations enacted to combat corruption and bribery. We prohibit the payment of bribes and commissions of any kind, whether in dealings with public officials or individuals in the private sector. In order to obtain or retain business or other advantages in the conduct of business, you shall not offer, promise, or give anything of value or undue advantage to a public official or any third party to influence that person to act or refrain from acting in relation to the performance of their duties. This applies regardless of whether the advantage is offered directly or through an intermediary. In the performance of your duties for Sotralu Group, you must not request, accept, or receive any undue advantage that may influence your decisions. The non-compliance will be treated as a serious violation and a disciplinary matter. Will be protected against any sanctions from the Sotralu Group or any representative of the Sotralu Group for refusing to participate in any action that is or may be understood as corruption, bribery, or facilitation payment.

The following sections of the policy relate to five areas of higher risk:

  • Gifts and hospitality;
  • Payments of favors;
  • Political interactions;
  • Contributions and charity sponsorships;
  • Third parties.

A proper management of the offering and acceptance of gifts and hospitality is crucial to mitigate the risk they pose of actual or perceived bribery or corruption.
Employees should only give or accept gifts and hospitality that are:

  • In good faith, occasional, reasonable, and appropriate;
  • A regular business courtesy;
  • Transparent.

Employees should not give or accept gifts and hospitality:

  • With the intention or perspective of influencing decision-making or other behavior;
  • With the intention of gaining any improper or undue advantage;
  • That are reasonably capable of being considered, in any case, as a bribe;
  • In the form of money, which includes prepaid cards or gift cards that can be exchanged for cash;
  • Associated with any public servant or any member of their family.

All employees must declare and maintain a written record of the amount and reason for hospitality or accepted gifts and register it in the central gifts registry of a company. The supplier offers must always be disclosed. The intention behind a gift to be given or received should always be taken into consideration.

Sotralu should not make donations to support any political parties or candidates, whether in cash, in kind, or by any other means. Political donations should be seen as an attempt to gain an inappropriate business advantage. Sotralu should not sponsor political meetings, conferences or conventions. Dealing with public servants carries a higher risk of corruption. Employees must be particularly careful when communicating with public officials, exchanging gifts and hospitality (including travel and accommodation) with public officials, or providing assistance to public officials. Any decisions regarding a public servant or a public servant’s relationship must be approved by the company’s management.

Charitable contributions can only be given to recognized nonprofit charitable organizations. All donations must be:

  • Transparent and duly registered in our accounting records;
  • Receiving or having an acknowledgment letter from the charity organization to ensure that donations receive proper tax treatment.

Donations should not be made:

  • Without conducting risk-based due diligence for approval attainment;
  • To individuals or in cash;
  • At the request of a public official as an incentive or reward for acting improperly.

Sponsorship by, or on behalf of, a company should only be done for reasons of charity or good faith public relations and should not be undertaken in circumstances where there is or may be any undue influence or interference. Sponsorships should not be based on risk-based due diligence and obtaining approval.

This policy applies to “employees”, which means all employees (whether temporary, fixed-term, or permanent), consultants, contractors, interns, secondees, domestic workers, casual workers, agency staff, volunteers, agents, sponsors, or any other person(s) associated with a company (including third parties), or any of its subsidiaries or their employees, regardless of their location. This policy also applies to employees, administrators, board members, or committee members at any level. In the context of this policy, “third parties” refers to customers, contractors, consultants, suppliers, distributors, business contacts, agents, partners, and governmental or public entities – encompassing their consultants, representatives, and employees, as well as politicians and public parties.

3. Human Rights

Human rights are inherent rights to all individuals, both internal and external stakeholders, regardless of their color, language, nationality, national origin or ethnicity, religion, gender, or any other status. A Human Rights Policy establishes a commitment to respect human rights, through the existence of processes to identify, prevent, mitigate, and account for how a company addresses its impacts on human rights. A Human Rights Policy provides a company with a framework and approach to develop effective management systems to mitigate human rights risks, while simultaneously promoting positive human rights impacts.

Sotralu Group supports the principles established in the Universal Declaration of Human Rights. We must ensure that all our global activities are conducted in accordance with these basic human rights standards (Corporate Social Responsibility Directive). Sotralu Group must comply with national legislation wherever we operate. In case of conflict between national and international human rights norms, we should comply with national requirements while simultaneously promoting international standards.

As part of our commitment to human rights, it is our goal:

  • To avoid the negative impacts on human rights resulting from our business operations, we will respect the rights enshrined in the International Bill of Human Rights and the International Labour Organization (ILO) Declaration on Fundamental Principles and Rights at Work;
  • Protecting individuals and / or groups vulnerable to the adverse impacts of our direct and indirect operations based on their age, disability, ethnicity, gender, gender identity, indigenous identity, marital status, immigrant status, language group, nationality, sexual orientation, religion, and other characteristics as protected by international instruments and national laws;
  • To promote positive impacts of human rights, adhering to and supporting the achievement of the United Nations Sustainable Development Goals (SDGs).

The most important human rights issues related to business are:

  • Freedom of expression.
  • Freedom of association and collective bargaining;
  • Labor standards;
  • Forced labor;
  • Child labor;
  • Minority rights;
  • Utilization of security forces.

Sotralu Group is responsible for respecting human rights in the treatment of its own employees and employees working in subsidiaries where the Sotralu Group has ownership control or operational responsibility. We should also extend our human rights requirements to suppliers and contractors, and influence others with whom we have contractual relationships.

This policy should apply to all employees, regardless of their contractual relationship or position. This includes all full-time employees, temporary workers, independent contractors, direct suppliers, indirect suppliers, and business partners while performing related activities and services.

4. Health and Safety

Health and Safety (H&S) is defined as a set of guidelines, programs, and practices that promote a safe working environment for employees, subcontractors, clients, and members of the public who interact with the company. A policy of H&S is a mandatory requirement that establishes an organization’s commitment and approach to protecting these key stakeholders. A health and safety policy provides organizations with a roadmap to develop the most effective systems and procedures, thus creating opportunities for the business while mitigating health and safety risks.

All sites within the Sotralu Group have their own health and safety procedures, regularly adapted based on high standard local laws and practices in France, Italy and Portugal.
This policy was designed for the purpose:

  • Preventing injuries / illnesses in the workplace by providing a safe and healthy work environment;
  • Providing a support system to address any work-related accidents, injuries and identified hazards;
  • To inform direction and personnel of their obligations and responsibilities to ensure safe work practices;
  • Ensuring compliance with Health and Safety Criteria obligations and promoting best practices;
  • Promote well-being and continuously improve well-being and H&S.

This policy aims to ensure that the highest standards of Health and Safety (H&S) are applied in all activities and projects of the Sotralu Group, protecting the health and well-being of employees, contractors, visitors and other applicable stakeholders. Demands prevention and reduction of accidents, promoting and enabling a culture where everyone takes responsibility for safety. Accidents, incidents and near misses will be promptly reported and investigated, and the lessons learned will be shared and acted upon within the company.

This policy aims to ensure the health and safety, as well as the well-being at work, of all employees, contractors and visitors of the Sotralu Group, in accordance with relevant statutory requirements and best business practices. We should do it:

  • Provide and maintain equipment and workplaces that are safe and free from health risks for employees and contractors;
  • Provide, as needed, information, instruction, training and supervision necessary to ensure health and safety at work for employees;
  • To promote a positive culture for employees, encouraging high standards of safety and active participation;
  • To ensure the appointment of an HSE (Health, Safety, and Environment) responsible individual to advise the organization on all matters related to health, safety and well-being, and to oversee their implementation;
  • Embedding H&S considerations into the decision-making process across all activities;
  • Continuously improve the performance of H&S, supported by appropriate resources and strong, visible H&S governance;
  • Establishing health and safety performance objectives and goals, and regularly monitoring and reporting our performance throughout the company, as well as to company management;
  • To ensure the existence of systems to identify, assess, manage and control all health and safety risks related to the project;
  • To ensure the existence of occupational health and safety rules and programs to protect individuals and the workforce from hazards that may arise in the workplace;
  • Promote a culture where accidents, incidents and near misses are promptly reported and investigated, and the lessons learned are shared and applied throughout the company;
  • To keep and regularly test contingency and emergency plans.

The standard rules of Sotralu applied within the H&S theme are listed below:

  • Immediately stop any unsafe work that has the potential to injure personnel, damage equipment, or harm the environment;
  • Report immediately any work-related injuries / illnesses, no matter how minor, to the Health and Safety coordinator;
  • Immediately report all fires, spills, or releases, no matter how small, to your supervisor;
  • Immediately report to your supervisor any unsafe condition, unsafe act, near-miss incident, or vehicle collision;
  • Always comply with all safe driving requirements, particularly speed limits, when operating a vehicle;
  • Fences and proper signage around hazardous work areas, such as holes in pavements, trenches, road crossings, and dangerous work at heights;
  • Use only appropriate tools and equipment, maintained in safe working conditions. Do not use homemade, modified or damaged tools;
  • Use proper manual lifting techniques, seek assistance or use mechanical lifting aids when lifting heavy loads;
  • Ensure that all safety protections, switches, and alarms are installed and functioning on the machines;
  • Inspect all fire extinguishers and other emergency equipment and keep them clear of any obstructions;
  • Label and properly store all containers of chemical products or hazardous materials. When specified, store containers in secondary containment areas or on containment pallets.

At the very least, all company employees will receive:

  • A formal H&S training session;
  • Written H&S procedures applicable;
  • Adequate training in their roles and responsibilities.

The training should be updated regularly and when changes occur in work processes and regulations. When applicable, workers with increased responsibilities in H&S matters and / or exposure to unique risks should receive additional training.
When subcontractors and subcontracts are utilized, they must demonstrate that their employees are competent to perform the contracted tasks and have received adequate training. All training records must be kept with the management and updated as necessary.

The global reporting / monitoring approach of the Sotralu Group includes:

  • Key performance indicators (KPIs);
  • Warranty program;
  • Monthly accident report.

5. Complaints / Speak Up

To speak is the act of disclosing information about workplace infractions. A “speak-up” policy outlines the channels and principles for stakeholders to communicate a range of issues in a safe manner. An effective awareness program is an essential component of an organization’s compliance framework and a key risk management tool. “Speak-up” mechanisms can enhance controls in areas such as fraud risk management, anti-bribery, health and safety, and meet the growing demand for demonstrable ethical business practices.

This policy outlines the procedure that allows stakeholders to raise any concerns that may be related to misconduct or other forms of illegal or unethical behavior observed within the Sotralu Group.

Sotralu Group is committed to ensuring that all concerns raised are promptly addressed, in a safe, fair, and confidential manner, and that any wrongdoing or unethical behavior is reported appropriately, without fear of any form of harm to the whistleblower as a result, including retaliation and / or termination. All concerns raised (even if incorrect, provided that the report was not made with malicious intent) will be considered and addressed appropriately. It is expected that, should the parties come across or hear about any cases of irregularities, they should communicate their concerns through the most appropriate and / or convenient method outlined in this policy. To ensure that any investigation is not compromised, stakeholders should refrain from attempting to investigate their concerns themselves to avoid alerting the individual(s) involved.

This policy applies to all stakeholders of a company, including employees, former employees, contractors, and any business partners, including suppliers and customers. This policy was designed to allow all individuals to raise concerns about behaviors they consider illegal and unethical:

  • Financial fraud or theft;
  • Bribery or corruption;
  • Money laundering;
  • Intimidation and harassment, including sexual harassment;
  • Racism, sexism, or homophobic behavior;
  • Health and safety hazard;
  • Environmental damage;
  • Dishonest Environmental, Social, and Governance (“ESG”) Credentials and Metrics Report.

If you wish to lodge a complaint, Sotralu Group recommends that, in the first instance, you address it internally through your hierarchical superior, or if it is not appropriate to do so, to one of the following departments:

  • Legal;
  • Human Resources – You may choose to bring a colleague with you if they agree to respect the confidential nature of the matter.

Sotralu Group encourages whistleblowers to provide their name and contact details if they feel comfortable and confident doing so, but also acknowledges that this can sometimes be difficult. Therefore, whistleblowers also have the option to submit their complaint anonymously, without providing their name or contact information. All complaints will be considered and evaluated regardless of whether they are anonymous or not, as long as sufficient information is provided in the report to enable an effective review of the allegations.

The reports will be shared only with individuals who are actively involved in the “speak-up” process or with individuals who require supervision. Each report will be handled with the utmost care to protect the confidentiality of the whistleblower. The reports will be handled in compliance with all applicable data protection laws, including the General Data Protection Regulation (“GDPR”).

Regardless of the chosen method for filing a complaint, the complainant should strive to include as many details as possible in their submission to enable us to understand the allegations and address the issue appropriately. This may include the following:

  • Against WHOM is the complaint? Are there any other relevant individuals who might be of interest?
  • WHAT happened? What laws or policies may have been violated?
  • WHY could it have happened?
  • WHERE did this happen? For example, the country, business unit, or any relevant location.
  • HOW could it have happened?
  • WHEN did this happen?

Once a complaint is submitted, the relevant functions / departments will be notified, and the acknowledgment within seven days of the complaint submission should be received. Copies of the complaint may also be sent to relevant departments, depending on the nature and location of the allegations. The recipients of the complaint shall then convene and decide whether a full investigation will be conducted, as well as any further steps to be taken. A complaint can be forwarded to a specific department or qualified individual (without conflicts of interest) within the company to conduct the investigation, if deemed appropriate. For investigations that have been concluded when the allegations are substantiated, management will ensure that appropriate corrective measures are taken to mitigate any risk of the issue reoccurring.

Sotralu Group does not tolerate any form of retaliation and is committed to protecting whistleblowers and any other individuals from experiencing any adverse treatment as a result of their intervention. Examples of retaliation may include (but are not limited to) the following:

  • Dismissal or changes in responsibilities that bring disadvantage to the individual;
  • Harassment or any form of harm or pressure, including psychological damage;
  • Any form of harm to the individual or the individual’s property.

If stakeholders face any form of retaliation for expressing themselves, they should be encouraged to voice their concerns through the most suitable method outlined in this policy as soon as possible, for instance, with their immediate supervisor or via an independent third party. All retaliation complaints must be thoroughly investigated, and the company must take appropriate disciplinary actions. Although the company may take all reasonable measures to protect the whistleblower against reprisals, it may not be possible to provide the same level of protection to former employees or those who are not directly affiliated with the company.

If stakeholders have provided contact details (even if this has been done anonymously), the investigator will have a communication channel with the stakeholder for any follow-up questions or updates regarding their case. All concerns will be addressed within seven days after acknowledging receipt of the complaint. Once awakened, stakeholders should be informed about the chosen follow-up method and provided with an explanation for the selection. Given the varied nature of the allegations presented in the “speak-up” reports, it is difficult to provide specific timelines for the investigations. However, Sotralu Group will ensure that investigations are conducted as swiftly as possible, according to the nature and severity of the concern, while simultaneously maintaining the expected quality standard. Sotralu Group will provide you with a response within three months, but this may take up to six months for more complex investigations. Any allegations made in bad faith should be treated as a violation of Sotralu’s Code of Conduct.

If the recipients of a “speak-up” report decide that an investigation is necessary, the investigation should begin as soon as possible. Depending on the severity of the allegations (e.g. in cases of fraud allegations), the investigation may be conducted without informing the alleged suspect(s) until it becomes necessary to do so. The investigation team must acknowledge receipt of the complaint and inform the reporter that an investigation has been initiated. Once the investigation is completed, the investigative team should notify the reporter that the investigation has concluded and that appropriate measures should be taken or have been taken. If a stakeholder is dissatisfied with the handling of their report, they should be able to raise it with the Sotralu Commission.

Sotralu Group encourages stakeholders to express their concerns within the company, in the first instance. However, if stakeholders feel uncomfortable and communicate internally or if it is inappropriate to do so, they may want to communicate their concerns externally to public authorities.

6. Data Protection and Privacy

Sotralu Group compliance with personal data information treatment regulations and the protection of such data under all applicable data protection laws, including the General Data Protection Regulation (“GDPR”), concerning the handling and transfer of personal data of employees and third parties at the company level.

The processing of personal data by Sotralu Group must always maintain adequate protection and comply with the laws and regulations applicable to the processing of personal data, including requirements and obligations regarding confidentiality. This applies regardless of whether the information pertains to customers, employees, or others. The processing of personal data should be limited to what is necessary for relevant commercial purposes, customer satisfaction or proper management of employees, and in accordance with applicable principles of data protection.

7. Cybersecurity

The cyberspace is vulnerable to a wide variety of incidents, whether intentional or accidental, of human or natural origin, and the data exchanged in cyberspace can be exploited for malicious purposes. The protection of cyberspace information and the preservation of the confidentiality, integrity, and availability of information in cyberspace is the essence of a secure cyberspace.

Cybersecurity plays a crucial role in the realm of the digital world. The security of information and data has become one of the most important challenges nowadays. Whenever we think about cybersecurity, the main thing that comes to our mind is cybercrimes, which are on the rise. Alongside various measures, cybersecurity remains a massive concern.

In the vast growth of the IT sector, establishing a secure and trustworthy computing environment for electronic transactions, software, services, devices, and networks has become one of the main priorities for the Sotralu Group.

The objective of this policy is to (a) protect the data and infrastructure of the Sotralu Group, (b) outlining protocols and guidelines that respond to cybersecurity measures, (c) define the rules for company and personnel use, and (d) enumerate the company’s disciplinary process for policy violations.

The Sotralu Group defines “confidential data” as:

  • Undisclosed and classified financial information;
  • Information about customers, suppliers and shareholders;
  • Data regarding customers and sales;
  • Patents, business processes, and / or new technologies;
  • Passwords, tasks, and personal information of employees;
  • Company contracts and legal records.

The purpose of this policy is to establish the proper use of computer devices within the company. These rules protect the authorized user and, consequently, the company as well. Inappropriate usage exposes the company to risks, including virus attacks, compromise of systems and network services, as well as legal issues.

This policy was also established to help prevent attacks on companies’ computers, networks and technological systems from malware and other malicious code. This policy is intended to help prevent damage to users’ applications, data, files and hardware. The antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. The antivirus software is a basic and indispensable necessity for every system, as well as a firewall flow analysis.

Email security describes in this policy different procedures and techniques to protect email accounts, content, and communication against unauthorized access, loss or compromise. Email is commonly used to spread malware, spam and phishing attacks. Attackers use deceptive messages to induce recipients to share sensitive information, open attachments, or click on links that install malware on the victim’s device. The email is additionally a standard entry point for attackers looking to take action within a corporate network and acquire valuable company data. The objective of this policy is to establish rules for the use of corporate email for sending, receiving or storing electronic messages.

This policy applies to all remote workers of the Sotralu Group, including permanent and part-time employees, contractors, volunteers, suppliers, interns, and / or any individuals with access to the company’s electronic systems, information, software, and / or hardware.

To ensure the safety of all devices and information issued by the company, employees of Sotralu Group are required to do so:

  • Keep all devices issued by the company password-protected (minimum of 8 characters). This includes tablets, computers, and mobile devices;
  • Protect all relevant devices before leaving your desk, including logging out;
  • Obtain authorization from the IT Manager before removing devices from the company premises;
  • Refrain from sharing private passwords with coworkers, personal acquaintances, senior staff, and / or shareholders;
  • Regular update of devices with the latest security software;
  • Use the internet only on secure websites;
  • Only use USB drives that are secure;
  • Never give the company’s WIFI access code to external individuals without authorization;
  • When in doubt about a link in an email, an attachment, or any suspicious activity, immediately contact the IT manager.

Sotralu Group acknowledges that employees may be required to use personal devices to access company systems. In these cases, employees should communicate this information to management for record-keeping purposes. To ensure the protection of the company’s systems, all employees are required to do so:

  • Ensure that all personal devices used to access company-related systems are password protected (minimum 8 characters);
  • Install full-featured antivirus software;
  • Update the antivirus software regularly;
  • Block all devices if left unattended;
  • Ensure that all devices are always protected;
  • Always use secure and private networks.

Protecting email systems is a top priority, as email messages can lead to data theft, fraud, and can carry malicious software such as worms and bugs. Therefore, Sotralu Group requests that all employees do so:

  • Check the legitimacy of each email, including the email address and sender’s name;
  • Avoid opening suspicious emails, attachments, and clicking on links;
  • Look for any significant grammatical errors;
  • Avoid suspicious titles and links;
  • Contact the IT Department regarding any suspicious emails.

Grupo Sotralu reconhece os riscos de segurança da transferência de dados confidenciais a nível interno e / ou externo. To minimize the chances of data theft, we instructed all employees to do so:

  • Abstain from transferring confidential information to colleagues and external parties;
  • Just transfer confidential data through Sotralu Group networks;
  • Obtain the necessary authorization from management;
  • Check the recipient of the information and ensure they have appropriate security measures in place;
  • Compliance with Sotralu Group’s data protection law;
  • Immediately alert the IT Department to any breaches, malicious software, and / or fraudulent schemes;
  • Delete emails that are not meant for you;
  • Do not use printed documents belonging to someone else;
  • Keep all company data only on the company’s server;
  • Never disclose personal or company data over the phone to a third party;
  • Use only clouds with enterprise certification.

The violation of this policy may lead to disciplinary action, which ultimately could result in contract termination. The disciplinary protocols of Sotralu Group are based on the severity of the violation. Involuntary violations only warrant a verbal warning, frequent violations of the same nature may result in a written warning, and intentional violations may lead to suspension and / or termination, depending on the circumstances of the case.

8. Updates

All policies linked to our Code of Conduct will be reviewed on at least an annual basis by the ESG management team. These policies should then be amended to reflect any changes in laws or practices.